From 8fc6432d44e41787fb7f69ad792f50cc906393d5 Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Sat, 23 May 2026 03:31:04 -0500 Subject: fix(dirvish): guard nil file and reject path-traversal playlist names cj/set-wallpaper passed `(dired-file-name-at-point)` straight to `expand-file-name`, so running it with no file at point raised a bare `wrong-type-argument` instead of a clear error. cj/dired-create-playlist-from-marked expanded the raw playlist name under `music-dir` without checking it, so a name like "../foo" or "/etc/foo" would write outside the music directory. I added a nil-file guard to set-wallpaper and a `cj/--playlist-name-safe-p` check that rejects any name carrying a directory separator before the path is built. Both paths now fail cleanly with a user-error. Regression tests went into the existing wrapper and playlist test files. --- tests/test-dirvish-config-playlist.el | 15 +++++++++++++++ tests/test-dirvish-config-wrappers.el | 6 ++++++ 2 files changed, 21 insertions(+) (limited to 'tests') diff --git a/tests/test-dirvish-config-playlist.el b/tests/test-dirvish-config-playlist.el index 3876a177..d059a899 100644 --- a/tests/test-dirvish-config-playlist.el +++ b/tests/test-dirvish-config-playlist.el @@ -78,5 +78,20 @@ lowercase extension list." "Boundary: a name that's just `.m3u' becomes empty after stripping." (should (equal (cj/--playlist-sanitize-name ".m3u") ""))) +;;; cj/--playlist-name-safe-p + +(ert-deftest test-cj--playlist-name-safe-p-bare-name () + "Normal: a bare filename is safe." + (should (cj/--playlist-name-safe-p "roadtrip"))) + +(ert-deftest test-cj--playlist-name-safe-p-empty () + "Boundary: an empty name is not safe." + (should-not (cj/--playlist-name-safe-p ""))) + +(ert-deftest test-cj--playlist-name-safe-p-rejects-separators () + "Error: any directory separator (relative, absolute, or nested) is rejected." + (dolist (bad '("../evil" "../../etc/cron" "/etc/passwd" "sub/dir/name")) + (should-not (cj/--playlist-name-safe-p bad)))) + (provide 'test-dirvish-config-playlist) ;;; test-dirvish-config-playlist.el ends here diff --git a/tests/test-dirvish-config-wrappers.el b/tests/test-dirvish-config-wrappers.el index 7072fcf7..bead4583 100644 --- a/tests/test-dirvish-config-wrappers.el +++ b/tests/test-dirvish-config-wrappers.el @@ -140,5 +140,11 @@ calls the wallpaper-setter binary." (should (member "/some/picture.jpg" call-process-args)) (should (string-match-p "Wallpaper set" msg)))) +(ert-deftest test-dirvish-set-wallpaper-no-file-errors () + "Error: with no file at point, set-wallpaper signals user-error rather +than passing nil to expand-file-name." + (cl-letf (((symbol-function 'dired-file-name-at-point) (lambda () nil))) + (should-error (cj/set-wallpaper) :type 'user-error))) + (provide 'test-dirvish-config-wrappers) ;;; test-dirvish-config-wrappers.el ends here -- cgit v1.2.3